Original URL: http://www.theregister.co.uk/2012/08/30/rasgas_malware_outbreak/

Mystery virus attack blows Qatari gas giant RasGas offline

Stop the fuel pumps too? Ha ha ha! No

By John Leyden

Posted in Security, 30th August 2012 16:52 GMT

A mystery virus has infected the network of Qatar's natural gas pumper RasGas, prompting bosses to pull the plug on the biz's internet connection. Office systems have been unusable since the malware struck on 27 August, according to local reports.

In a fax to suppliers, the company reportedly said: "RasGas is presently experiencing technical issues with its office computer systems. We will inform you when our system is back up and running."

The RasGas website, rasgas.com, remains unreachable at the time of writing on Thursday afternoon. A spokesman for the firm told Arabian Oil and Gas that the malware outbreak was not affecting gas extraction and processing.

The virus infection follows a strikingly similar attack against Saudi Aramco on 15 August, which hit 30,000 workstations and forced the world's largest oil company to suspend access to its internal and remote networks for 10 days. Oil production activities were not affected by that outbreak either.

A hacktivist group called Cutting Sword of Justice claimed responsibility for the Saudi Aramco attack, characterising it as payback after the Saudi royal family moved to quell Arab Spring-style revolts in neighbouring countries. Circumstantial evidence suggests that Saudi Aramco was hit by Sahmoon, a data-wiping strain of malware that's also capable of swiping passwords and other sensitive information from infected Windows PCs.

RasGas is a joint venture between Qatar Petroleum and ExxonMobil that operates in Qatar, and annually exports as much as 36.3 million tonnes of liquefied natural gas. ®